SSH client setup

see sshd for the server

Key-pair

Generate your workstation key pair

ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub

and copy/paste it to the servers you need to maintain (~/.ssh/authorized_keys)

cat ~/.ssh/id_*.pub

Optionally store the fingerprints of your public key (MD5 used at GitHub),

ssh-keygen -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.sha256
ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub > ~/.ssh/id_ed25519.pub.md5

also provide the PPK format for e.g. FileZilla, but unless you are willing to compile the dev version, you will have to use RSA or DSA (-t rsa, dsa, rsa1),

sudo apt install putty-tools
puttygen ~/.ssh/id_ed25519 -o ~/.ssh/id_ed25519.ppk

fix the permissions,

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 400 ~/.ssh/id_*
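
To re-check these modes later, the following audit function flags anything more permissive than the values set above. It is an added example, not part of the original page; the names check_ssh_perms and _chk are made up here, and it assumes GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes set above
# (700 for the directory, 600 for authorized_keys/known_hosts, 400 for id_*).
# A file is reported when it grants any permission bit beyond the expected mode.

bad=0

# _chk PATH EXPECTED_MODE : report PATH if it is more permissive than expected
_chk() {
    [ -e "$1" ] || return 0                 # absent file: nothing to audit
    mode=$(stat -L -c %a "$1")              # octal mode, following symlinks
    extra=$(( 0$mode & ~0$2 & 0777 ))       # bits set on disk but not expected
    if [ "$extra" -ne 0 ]; then
        echo "$1: mode $mode, expected at most $2"
        bad=1
    fi
}

# check_ssh_perms [DIR] : prints one line per finding, returns 1 if any
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    bad=0
    _chk "$dir" 700
    _chk "$dir/authorized_keys" 600
    _chk "$dir/known_hosts" 600
    for f in "$dir"/id_*; do                # same glob as the chmod above
        _chk "$f" 400
    done
    return $bad
}

# usage: check_ssh_perms ~/.ssh || echo "re-run the chmod commands above"
```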

Setup

Make it easier to deal with known hosts (don’t hash them out), show the host public key in visual form so you get used to it, and speed up SSH logon by disabling GSSAPI

mv -i /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config.clean
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config
vi /etc/ssh/ssh_config

Host *
    #SendEnv LANG LC_*
    HashKnownHosts no
    GSSAPIAuthentication no
    VisualHostKey yes

Passphrase helper

as root

apt install ssh-askpass-gnome ssh-askpass

as user

cp -pi ~/.profile ~/.profile.dist
vi ~/.profile

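# start one agent for this user and record its socket/PID in a private file
echo -n starting ssh-agent ...
if pgrep -u "$(id -u)" ssh-agent > /dev/null; then
    echo already
else
    (umask 077; ssh-agent > "$HOME/.ssh/environment") && echo done
fi

echo -n sourcing $HOME/.ssh/environment ...
. "$HOME/.ssh/environment" && echo done
chmod 600 "$HOME/.ssh/environment"

# ssh-add -l exits non-zero when the agent holds no identities
echo -n unlocking privkey ...
if ssh-add -l > /dev/null 2>&1; then
    echo already
else
    ssh-add && echo done
fi

echo currently loaded keys:
ssh-add -l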

resources

Using ssh-agent with ssh https://web.archive.org/web/20220323200504/http://mah.everybody.org/docs/ssh

An Illustrated Guide to SSH Agent Forwarding http://www.unixwiz.net/techtips/ssh-agent-forwarding.html

moar on fingerprints

Check SSH fingerprint https://web.archive.org/web/20220702051954/https://rawsec.ml/en/check-ssh-fingerprint/ –> see at the bottom


Licensed under MIT